Installing AD Federation Service on Windows Server 2016

Posted: January 3, 2017 in Windows Server

Active Directory Federation Service (ADFS) enables the following:

  • Provide your employees or customers with a Web-based, single-sign-on (SSO) experience when they need remote access to internally hosted Web sites or services.
  • Provide your employees or customers with a Web-based, SSO experience when they access cross-organizational Web sites or services from within the firewalls of your network.
  • Provide employees or customers with seamless access to Web-based resources in any federation partner organization on the Internet without requiring employees or customers to log on more than once.

Installing the SSL certificate on the ADFS server

Active Directory Federation Services (AD FS) requires a certificate for Secure Socket Layer (SSL) server authentication.

Creating a certificate template

On the CA computer, in the Certification Authority console, right-click Certificate Templates and choose Manage.

Right-click the Web Server template and choose Duplicate Template.

On the Security tab, click Add, under Object Types select Computers, and add Domain Computers.

Give Domain Computers the Write, Enroll and Autoenroll permissions on the template.

On the Request Handling tab, check Allow private key to be exported.

On the General tab, give the template a name and click OK.

Back in the CA console, right-click Certificate Templates again and choose New, then Certificate Template to Issue.

Select the new template and click OK.

Now, on the computer where ADFS will be installed, open an MMC console and add the Certificates snap-in for the local computer account.

Right-click the Personal folder, choose All Tasks, then Request New Certificate.

Select the template and click the link More information is required to enroll…:

In the Subject name section, choose Common name from the drop-down menu and type the FQDN of the ADFS server; under Alternative name, choose DNS and enter the same value:

Click OK; the certificate should now be installed.

Now export the SSL certificate to a file:

Choose to export the private key:

Set a password:

Copy the file to the ADFS server, right-click it and select Install Certificate:

Choose Local Machine:

Place it in the Personal folder:

Installing the ADFS role

Now that we have the certificate, we can install ADFS:

Or with PowerShell:

Install-WindowsFeature ADFS-Federation -IncludeManagementTools

After the role is installed, we need to configure ADFS:

Choose the certificate and a display name:

Set the KDS root key:

Create a new or use an existing Managed Service Account. Think of this as a service account which has its own complex password that is rotated automatically. This means that an MSA can run services on a computer in a secure and easy-to-maintain manner.

Create a new Windows Internal Database or use SQL Server:

PowerShell way:

First, find the SSL certificate thumbprint:

dir Cert:\LocalMachine\My

Install-AdfsFarm -CertificateThumbprint B47266C6A4F5893481EE8077E0302C8BA9D6C2D5 -FederationServiceName fs.test.com -FederationServiceDisplayName 'Test ADFS' -GroupServiceAccountIdentifier 'test\msa$'

Test whether ADFS works properly:

In a browser, open https://fs.test.com/adfs/fs/federationserverservice.asmx

In Event Viewer, under Applications and Services Logs, AD FS, Admin, check that Event ID 100 exists.
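The whole procedure above, as an added PowerShell example that is not from the original post: it selects the SSL certificate by its DNS name instead of a pasted thumbprint, refuses one without a private key or already expired, installs and configures the farm, then runs the same two checks the post does by hand. It assumes the certificate is already in the Local Machine Personal store, that a gMSA test\msa$ already exists, and that fs.test.com and 'Test ADFS' are the names used earlier in the post.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on
# the future ADFS server. Assumptions: the certificate enrolled from the
# template above is in LocalMachine\My, and the gMSA test\msa$ already exists.
$Fqdn        = 'fs.test.com'   # must match the CN/SAN on the certificate
$DisplayName = 'Test ADFS'     # shown to users on the sign-in page
$Gmsa        = 'test\msa$'     # gMSA identifiers carry a trailing '$'

# 1. Pick the SSL certificate by DNS name and reject anything that would make
#    Install-AdfsFarm fail later (no private key, expired, wrong name).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Where-Object { ($_.DnsNameList | ForEach-Object { $_.Unicode }) -contains $Fqdn } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No valid certificate with a private key for $Fqdn in LocalMachine\My" }
Write-Host "Using certificate $($cert.Thumbprint), expires $($cert.NotAfter)"

# 2. Install the role (same as the wizard / the one-liner above) and load its cmdlets.
Install-WindowsFeature ADFS-Federation -IncludeManagementTools | Out-Null
Import-Module ADFS

# 3. Dry run: Test-AdfsFarmInstallation validates the same parameters without
#    changing anything; -ErrorAction Stop turns any reported problem into a halt.
Test-AdfsFarmInstallation -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $Fqdn -FederationServiceDisplayName $DisplayName `
    -GroupServiceAccountIdentifier $Gmsa -ErrorAction Stop | Out-Null

# 4. Create the first farm node, backed by the Windows Internal Database.
Install-AdfsFarm -CertificateThumbprint $cert.Thumbprint `
    -FederationServiceName $Fqdn -FederationServiceDisplayName $DisplayName `
    -GroupServiceAccountIdentifier $Gmsa

# 5. The two checks the post does by hand: Event ID 100 in the AD FS/Admin log
#    and an HTTP 200 from the federation service endpoint.
$started = Get-WinEvent -FilterHashtable @{ LogName = 'AD FS/Admin'; Id = 100 } `
    -MaxEvents 1 -ErrorAction SilentlyContinue
if (-not $started) { throw 'Event ID 100 (federation service started) not found in AD FS/Admin' }
$resp = Invoke-WebRequest -UseBasicParsing "https://$Fqdn/adfs/fs/federationserverservice.asmx"
"Federation service endpoint returned HTTP $($resp.StatusCode)"
```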
